Restrict route keyword matching to building field#33
Conversation
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 6da546801d
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| route | ||
| for route in self._routes | ||
| if route.matches(username=message.user.username, text=message.text) | ||
| if route.matches(username=message.user.username, text=parsed_request.fields["building"]) |
There was a problem hiding this comment.
Keep blacklist checks outside building
For routes that use keywords_none as a blocklist for request-level words (for example the documented "cancel"/"отмена" route examples), passing only parsed_request.fields["building"] means RouteRule.matches() now checks both allow and deny keywords only against the building value. A complete request like Building: Tower A ... Comment: cancel will still match and be forwarded, whereas before the negative keyword suppressed it; this should separate building-only positive route selection from request-wide negative filtering if blacklist keywords are meant to block canceled or disallowed requests outside the building field.
Useful? React with 👍 / 👎.
Motivation
buildingvalue) instead of attacker-controlled free text to enforce route isolation.Description
buildingfield instead ofmessage.textby passingparsed_request.fields["building"]toRouteRule.matchesinsrc/telegram_resender/service.py.test_service_matches_route_keywords_only_against_building_fieldintests/unit/test_service.pythat asserts a keyword injected into a comment does not cause an extra route to be selected.service.pyas needed.Testing
python -m ruff format src/telegram_resender/service.py tests/unit/test_service.pyandpython -m ruff check src/telegram_resender/service.py tests/unit/test_service.py, which passed.python -m pytest -o addopts='' tests/unit/test_service.py tests/unit/test_routes.py, resulting in8 passedfor those files.python -m pytest -o addopts=''which failed with async test errors becausepytest-asynciois not installed in the environment, causing many async tests to fail; attemptedpip install -e '.[dev]'to add dev deps but network access to package index failed (403) so dev dependencies were not installed.Codex Task